Compliance management, an issue in IS design
Friday, January 1st, 2010Bonazzi, R., Hussami, L., Pigneur, Y. (2010) Compliance management is becoming a major issue in IS design. inD’Atri, A., SaccĂ , D. Information systems: people, organizations, institutions, and technologies, Physica Verlag, Springer:391-398
initially presented at the 5th Conference of the Italian Chapter of AIS (2008)
This article aims at improving the information systems management support to Risk and Compliance Management process, i.e. the management of all compliance imperatives that impact an organization, including both legal and strategically self-imposed imperatives. We propose a process to achieve such regulatory compliance by aligning the Governance activities with the Risk Management ones, and we suggest Compliance should be considered as a requirement for the Risk Management platform. We will propose a framework to align law and IT compliance requirements and we will use it to underline possible directions of investigation resumed in our discussion section. This work is based on an extensive review of the existing literature and on the results of a four-month internship done within the IT compliance team of a major financial institution in Switzerland, which has legal entities situated in different countries.
(pdf)